The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
12,597 vulnerabilities with CWE-20
CVE-2018-11316
CRITICAL
Sonos Firmware - Unauthenticated Remote Device Control via DNS Rebinding
CVSS 9.6
CVE-2018-11314
CRITICAL
Roku Firmware - Unauthenticated Remote Device Control via DNS Rebinding Attack
CVSS 9.6
CVE-2018-7635
MEDIUM
Whale Browser < 1.0.41.8 - URL Spoofing via Blank Page Title Display
CVSS 5.3
CVE-2018-7787
MEDIUM
Schneider Electric U.motion Builder <1.3.4 - Info Disclosure
CVSS 5.3
CVE-2018-7784
CRITICAL
Schneider Electric U.motion Builder <1.3.4 - Code Injection
CVSS 9.8
CVE-2018-7777
HIGH
Schneider Electric U.motion Builder <1.3.4 - RCE
CVSS 8.8
CVE-2018-4851
HIGH
Siemens SICLOCK TC100 and TC400 - Denial of Service via Network Packet
CVSS 8.2
CVE-2018-10843
HIGH
OpenShift Container Platform < 3.7.53 - Privilege Escalation via Source-to-Image Assemble Script
CVSS 8.5
CVE-2018-13056
HIGH
zzcms 8.3 - Arbitrary File Deletion via /user/del.php
CVSS 7.5
CVE-2018-10874
HIGH
Ansible < 2.4.6.0 - Unauthenticated Remote Code Execution via Inventory Variable Injection
CVSS 7.8
CVE-2018-12999
HIGH
Zoho ManageEngine Desktop Central 10.0.255 - Unauthenticated Arbitrary File Deletion via AgentTrayIconServlet
CVSS 7.5
CVE-2018-12988
HIGH
GreenCMS 2.3.0603 - Arbitrary File Download via index.php Media Downfile Parameter
CVSS 7.5
CVE-2018-5528
MEDIUM
BIG-IP 13.0.1/13.1.0.4-13.1.0.7 - Info Disclosure
CVSS 5.3
CVE-2018-3840
HIGH
Pixar Renderman IT Display Service 21.6 - Denial of Service via Network Packet Parsing
CVSS 7.5
CVE-2018-1374
MEDIUM
IBM WebSphere MQ <9.0.5 - Memory Corruption
CVSS 5.3
CVE-2018-12712
HIGH
Joomla! <3.8.9 - Local File Inclusion
CVSS 8.8
CVE-2018-1000607
MEDIUM
Jenkins Fortify CloudScan Plugin <1.5.1 - Arbitrary File Write
CVSS 6.5
CVE-2018-1000533
CRITICAL
GitList <= 0.6.0 - Remote Code Execution via Search Form Input
CVSS 9.8
CVE-2018-1000531
HIGH
prime-jwt < 1.3.0 - JWT Signature Validation Bypass via 'none' Algorithm
CVSS 7.5
CVE-2018-1000523
HIGH
topydo <d4f843dac71308b2f29a7c2cdc76f055c3841523 - Code Injection
CVSS 8.1
CVE-2018-1000205
MEDIUM
U-Boot < 2018.07 - Verified Boot Bypass via Crafted FIT Image
CVSS 5.5
CVE-2018-0529
MEDIUM
Cybozu Office 10.0.0-10.7.0 - Denial of Service
CVSS 4.3
CVE-2018-11046
MEDIUM
Pivotal Operations Manager 2.0.14 and 2.1.x < 2.1.6 - Unpatched NGINX Vulnerabilities
CVSS 6.5
CVE-2018-12703
HIGH
Block 18 - Unverified Callcode Execution in approveAndCallcode Function
CVSS 7.5
CVE-2018-12702
HIGH
Globalvillage ecosystem (GVE) - Unverified Callcode Execution in approveAndCallcode Function
CVSS 7.5
Details
Vulnerabilities: 12,597
Exploit Likelihood: High